first commit

README.md

@@ -1,2 +1,342 @@
-# openrabbit
+# OpenRabbit
 
+Enterprise-grade AI code review system for **GitHub** and **Gitea** with automated PR review, issue triage, interactive chat (Bartender), and codebase analysis.
+
+---
+
+## Features
+
+| Feature | Description |
+|---------|-------------|
+| **PR Review** | Inline comments, security scanning, severity-based CI failure |
+| **Issue Triage** | Auto-classification, labeling, priority assignment |
+| **Chat (Bartender)** | Interactive AI chat with codebase search and web search tools |
+| **@ai-bot Commands** | `@ai-bot summarize`, `explain`, `suggest` in issue comments |
+| **Codebase Analysis** | Health scores, tech debt tracking, weekly reports |
+| **Security Scanner** | 17 OWASP-aligned rules for vulnerability detection |
+| **Enterprise Ready** | Audit logging, metrics, Prometheus export |
+| **Multi-Platform** | Works with both GitHub and Gitea |
+
+---
+
+## Quick Start
+
+### 1. Set Repository/Organization Secrets
+
+```
+OPENAI_API_KEY      - OpenAI API key (or use OpenRouter/Ollama)
+SEARXNG_URL         - (Optional) SearXNG instance URL for web search
+```
+
+**For Gitea:**
+```
+AI_REVIEW_TOKEN     - Bot token with repo + issue permissions
+```
+
+**For GitHub:**
+The built-in `GITHUB_TOKEN` is used automatically.
+
+### 2. Add Workflows to Repository
+
+Workflows are provided for both platforms:
+
+| Platform | Location |
+|----------|----------|
+| GitHub | `.github/workflows/` |
+| Gitea | `.gitea/workflows/` |
+
+#### GitHub Example
+
+```yaml
+# .github/workflows/ai-review.yml
+name: AI PR Review
+on: [pull_request]
+
+jobs:
+  ai-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - run: pip install requests pyyaml
+
+      - name: Run AI Review
+        env:
+          AI_REVIEW_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AI_REVIEW_REPO: ${{ github.repository }}
+          AI_REVIEW_API_URL: https://api.github.com
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        run: |
+          cd tools/ai-review
+          python main.py pr ${{ github.repository }} ${{ github.event.pull_request.number }}
+```
+
+#### Gitea Example
+
+```yaml
+# .gitea/workflows/ai-review.yml
+name: AI PR Review
+on: [pull_request]
+
+jobs:
+  ai-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/checkout@v4
+        with:
+          repository: YourOrg/OpenRabbit
+          path: .ai-review
+          token: ${{ secrets.AI_REVIEW_TOKEN }}
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - run: pip install requests pyyaml
+
+      - name: Run AI Review
+        env:
+          AI_REVIEW_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
+          AI_REVIEW_REPO: ${{ gitea.repository }}
+          AI_REVIEW_API_URL: https://your-gitea.example.com/api/v1
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        run: |
+          cd .ai-review/tools/ai-review
+          python main.py pr ${{ gitea.repository }} ${{ gitea.event.pull_request.number }}
+```
+
+For full workflow examples, see [Workflows Documentation](docs/workflows.md).
+
+### 3. Create Labels
+
+Create these labels in your repository for auto-labeling:
+- `priority: high`, `priority: medium`, `priority: low`
+- `type: bug`, `type: feature`, `type: question`
+- `ai-approved`, `ai-changes-required`
+
+---
+
+## Project Structure
+
+```
+tools/ai-review/
+├── agents/                 # Agent implementations
+│   ├── base_agent.py       # Abstract base agent
+│   ├── issue_agent.py      # Issue triage & @ai-bot commands
+│   ├── pr_agent.py         # PR review with security scan
+│   ├── codebase_agent.py   # Codebase health analysis
+│   └── chat_agent.py       # Bartender chat with tool calling
+├── clients/                # API clients
+│   ├── gitea_client.py     # Gitea REST API wrapper
+│   └── llm_client.py       # Multi-provider LLM client with tool support
+├── security/               # Security scanning
+│   └── security_scanner.py # 17 OWASP-aligned rules
+├── enterprise/             # Enterprise features
+│   ├── audit_logger.py     # JSONL audit logging
+│   └── metrics.py          # Prometheus-compatible metrics
+├── prompts/                # AI prompt templates
+├── main.py                 # CLI entry point
+└── config.yml              # Configuration
+
+.github/workflows/          # GitHub Actions workflows
+├── ai-review.yml           # PR review workflow
+├── ai-issue-triage.yml     # Issue triage workflow
+├── ai-codebase-review.yml  # Codebase analysis
+├── ai-comment-reply.yml    # @ai-bot command responses
+└── ai-chat.yml             # Bartender chat
+
+.gitea/workflows/           # Gitea Actions workflows
+├── enterprise-ai-review.yml
+├── ai-issue-triage.yml
+├── ai-codebase-review.yml
+├── ai-comment-reply.yml
+└── ai-chat.yml
+```
+
+---
+
+## CLI Commands
+
+```bash
+# Review a pull request
+python main.py pr owner/repo 123
+
+# Triage an issue
+python main.py issue owner/repo 456
+
+# Respond to @ai-bot command
+python main.py comment owner/repo 456 "@ai-bot explain"
+
+# Analyze codebase
+python main.py codebase owner/repo
+
+# Chat with Bartender
+python main.py chat owner/repo "How does authentication work?"
+python main.py chat owner/repo "Find all API endpoints" --issue 789
+```
+
+---
+
+## @ai-bot Commands
+
+In any issue comment:
+
+| Command | Description |
+|---------|-------------|
+| `@ai-bot summarize` | Summarize the issue in 2-3 sentences |
+| `@ai-bot explain` | Explain what the issue is about |
+| `@ai-bot suggest` | Suggest solutions or next steps |
+| `@ai-bot` (any question) | Chat with Bartender using codebase/web search |
+
+---
+
+## Bartender Chat
+
+Bartender is an interactive AI assistant with tool-calling capabilities:
+
+**Tools Available:**
+- `search_codebase` - Search repository files and code
+- `read_file` - Read specific files
+- `search_web` - Search the web via SearXNG
+
+**Example:**
+```
+@ai-bot How do I configure rate limiting in this project?
+```
+
+Bartender will search the codebase, read relevant files, and provide a comprehensive answer.
+
+---
+
+## Configuration
+
+Edit `tools/ai-review/config.yml`:
+
+```yaml
+provider: openai   # openai | openrouter | ollama
+
+model:
+  openai: gpt-4.1-mini
+  openrouter: anthropic/claude-3.5-sonnet
+  ollama: codellama:13b
+
+agents:
+  issue:
+    enabled: true
+    auto_label: true
+  pr:
+    enabled: true
+    inline_comments: true
+    security_scan: true
+  codebase:
+    enabled: true
+  chat:
+    enabled: true
+    name: "Bartender"
+    searxng_url: ""  # Or set SEARXNG_URL env var
+
+interaction:
+  respond_to_mentions: true
+  mention_prefix: "@ai-bot"  # Customize your bot name here!
+  commands:
+    - summarize
+    - explain
+    - suggest
+```
+
+---
+
+## Customizing the Bot Name
+
+You can change the bot's mention trigger from `@ai-bot` to any name you prefer:
+
+**Step 1:** Edit `tools/ai-review/config.yml`:
+```yaml
+interaction:
+  mention_prefix: "@bartender"  # or "@uni", "@joey", "@codebot", etc.
+```
+
+**Step 2:** Update the workflow files to match:
+
+For GitHub (`.github/workflows/ai-comment-reply.yml` and `ai-chat.yml`):
+```yaml
+if: contains(github.event.comment.body, '@bartender')
+```
+
+For Gitea (`.gitea/workflows/ai-comment-reply.yml` and `ai-chat.yml`):
+```yaml
+if: contains(github.event.comment.body, '@bartender')
+```
+
+**Example bot names:**
+| Name | Use Case |
+|------|----------|
+| `@bartender` | Friendly, conversational |
+| `@uni` | Short, quick to type |
+| `@joey` | Personal assistant feel |
+| `@codebot` | Technical, code-focused |
+| `@reviewer` | Review-focused |
+
+---
+
+## Security Scanning
+
+17 rules covering OWASP Top 10:
+
+| Category | Examples |
+|----------|----------|
+| Injection | SQL injection, command injection, XSS |
+| Access Control | Hardcoded secrets, private keys |
+| Crypto Failures | Weak hashing (MD5/SHA1), insecure random |
+| Misconfiguration | Debug mode, CORS wildcard, SSL bypass |
+
+---
+
+## Documentation
+
+| Document | Description |
+|----------|-------------|
+| [Getting Started](docs/getting-started.md) | Quick setup guide |
+| [Configuration](docs/configuration.md) | All options explained |
+| [Agents](docs/agents.md) | Agent documentation |
+| [Security](docs/security.md) | Security rules reference |
+| [Workflows](docs/workflows.md) | GitHub & Gitea workflow examples |
+| [API Reference](docs/api-reference.md) | Client and agent APIs |
+| [Enterprise](docs/enterprise.md) | Audit logging, metrics |
+| [Troubleshooting](docs/troubleshooting.md) | Common issues |
+
+---
+
+## LLM Providers
+
+| Provider | Model | Use Case |
+|----------|-------|----------|
+| OpenAI | gpt-4.1-mini | Fast, reliable |
+| OpenRouter | claude-3.5-sonnet | Multi-provider access |
+| Ollama | codellama:13b | Self-hosted, private |
+
+---
+
+## Enterprise Features
+
+- **Audit Logging**: JSONL logs with daily rotation
+- **Metrics**: Prometheus-compatible export
+- **Rate Limiting**: Configurable request limits
+- **Custom Security Rules**: Define your own patterns via YAML
+- **Tool Calling**: LLM function calling for interactive chat
+
+---
+
+## License
+
+MIT